CoinMarketCap has released part of the findings from its investigation into a recent hack that saw over three million email addresses, allegedly from the platform, traded on hacking forums.
The cybercriminals took a list of email addresses leaked in another breach. They then compared them with other leaked data to create a list of email addresses supposedly from CoinMarketCap.
Following its investigation, CoinMarketCap confirms its servers were not the source of the breach. Instead, the platform believes that affected users used the same password for their CoinMarketCap accounts and other accounts. It reached this conclusion after a thorough check of its servers and because the leaked data contained no passwords.
“As no passwords are included in the data we have seen, we believe that it is most likely sourced from another platform where users may have reused passwords across multiple sites,” says the team in a post.
The date of this “breach” was 12 October 2021, and it involved 3,117,548 email addresses. However, no monetary losses have been announced due to the leak. This is in contrast to severe incidents like the Cryptopia attack, where significant sums were paid to claimants.
Since the leaked data contains no passwords, it seems unlikely that any funds will be lost.
“We urge everyone to adopt good cybersecurity habits and to have unique passwords on every site they use,” the team says.
Insurance for losses for each hack
CoinMarketCap belongs to the global exchange Binance. Binance purchased the company in March 2020 for an undisclosed price.
Coinbase, Binance’s direct competitor, recently experienced a hack in which attackers exploited its Multi-Factor Authentication system. Over 6,000 customers lost funds through compromised passwords, email addresses, and phone numbers.
This was likely a social engineering scam, in which victims unwittingly divulge personal information that the hacker then uses.
To Coinbase’s credit, they possess crime insurance that can replace assets lost through theft or cybersecurity breaches, and they were able to pay back the funds into user accounts. Overall, this kind of insurance has become increasingly necessary as hackers have identified cryptocurrency as a lucrative area of opportunity.
Hacker forums a breeding ground for KYC data trading
Data trading on hacker forums is nothing new. In March, a hack against Indian payment and wallet service provider MobiKwik saw 8.2TB of Know-Your-Customer (KYC) data compromised.
The data was allegedly available for sale on a hacker forum at 1.5 BTC. The seller set up a portal where a user could search by using a phone number or email address and get specific results from the 8.2TB of data.